New cyber threats emerge: Phishing attacks powered by AI, faster vulnerability exploitation and more. Learn how to defend your organization in BlueVoyant’s report.
Cybersecurity firm BlueVoyant has unveiled its second External Cyber Defence Trends Report, spotlighting the emerging threats organizations encounter beyond traditional IT boundaries. The firm’s research highlights cyber criminals’ novel tactics, including deploying generative AI for phishing, utilizing online advertisements for attacks, and faster exploiting new vulnerabilities.
The analysis is grounded in data from 25,000 companies worldwide, including corporations in the APAC region, specifically Australia, New Zealand, Singapore, and Malaysia.
“Organisations’ attack surfaces are ever expanding, and cyber threat actors are adapting their strategies to exploit new avenues of vulnerabilities,” Joel Molinoff, BlueVoyant’s Global Head of Supply Chain Defence, commented. He added that the intention behind BlueVoryant’s novel research was to “shine a light” on the attack vectors organizations need to be mindful of and to propose actions to help avert the latest threats.
Artificial intelligence (AI) revolutionizes how businesses function, significantly enhancing content production. However, cybercriminals are also exploiting AI to mount more effective phishing campaigns. Ron Feler, BlueVoyant’s Global Head of threat intelligence, cautioned, “The biggest cybersecurity risk from the increasing use of AI tools is an escalated volume of attacks. While the essentials of the attacks don’t change, the increased number and diversity of attacks make defenders’ jobs more challenging.”
The report presents the following key findings:
- Online Ads as an Attack Vector: BlueVoyant’s threat intelligence has noticed threat actors capitalizing on search engine ads as phishing distribution vectors, enticing unsuspecting individuals to malicious websites masquerading as notable financial institutions in the US, UK, and Eastern Europe.
- Cyber Criminals’ Use of AI: While AI does not fundamentally alter how threat actors launch attacks, security teams must be aware of their adversaries’ use of AI to streamline their workflow.
- The Need for Better Email Security: Many organizations are not employing key security protocols, potentially leaving them vulnerable to email-based threats.
- The Continued Need to Patch Quicker: BlueVoyant’s initial report indicated slow patching systems on the part of organizations, with attackers exploiting vulnerabilities much faster. Using this latest information, the firm found that exploitation of vulnerabilities is accelerating, creating a high-stakes race between defenders and threat actors.
The study utilized data from BlueVoyant’s Supply Chain Defence and Digital Risk Protection solutions: the former is a fully-managed solution that constantly monitors clients’ third parties for vulnerabilities and operates on quick resolutions, while the latter identifies threats against clients on the clear, deep, and dark web or through instant messaging applications, providing unlimited external remediation to prevent financial loss and reputation damage.
